Valid users & SAMBA_3_0_23

Jeremy Allison jra at
Fri Aug 4 15:36:01 GMT 2006

On Fri, Aug 04, 2006 at 10:00:25AM -0500, Gerald (Jerry) Carter wrote:

> Since I am of the position that all domain accounts in
> smb.conf should be fully qualified, I'd expect 'force user =
> lizard' to resolve the to the Unix SID and not domain SID.
> I know this is subtle.  What are your thoughts here?

Yep - just looked at the code in lookup_name(). That's
what is going this. There's a comment in there for a
similar common case :

         * For 'valid users = +users' we know "users" is most probably not
         * BUILTIN\users but the unix group users. This hack requires the
         * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.

I'm loath to change lookup_name, Volker spent a *lot* of time
getting that right :-). Let me look at the codepaths....

Using a domain of "Unix users" will force the correct lookup....


More information about the samba-technical mailing list